The Electronic Privacy Information Center (EPIC) has obtained the
Department of Justice's recently issued "Federal Guidelines for
Searching and Seizing Computers." EPIC obtained the document under
the Freedom of Information Act. The guidelines provide an overview
of the law surrounding searches, seizures and uses of computer
systems and electronic information in criminal and civil cases. They
discuss current law and suggest how it may apply to situations
involving computers. The guidelines were developed by the Justice
Department's Computer Crime Division and an informal group of federal
agencies known as the Computer Search and Seizure Working Group.

Seizing Computers

A major portion of the document deals with the seizure of computers.
The document recommends the use of the "independent component
doctrine" to determine if a reason can be articulated to seize each
separate piece of hardware. Prosecutors are urged to "seize only
those pieces of equipment necessary for basic input/output so that
the government can successfully execute the warrant." The guidelines
reject the theory that because a device is connected to a target
computer, it should be seized, stating that "[i]n an era of increased
networking, this kind of approach can lead to absurd results."

However, the guidelines also note that computers and accessories are
frequently incompatible or booby-trapped, and therefore recommend that
equipment generally be seized to ensure that it will work.
They recommend that irrelevant material should be returned quickly.
"[O]nce the analyst has examined the computer system and data and
decided that some items or information need not be kept, the
government should return this property as soon as possible." The
guidelines suggest that it may be possible to make exact copies of
the information on the storage devices and return the computers and
data to the suspects if they sign waivers stating that the copy is an
exact replica of the original data.

On the issue of warrantless seizure and "no-knock warrants," the
guidelines note the ease of destroying data. If a suspect is
observed destroying data, a warrantless seizure may occur, provided
that a warrant is obtained before an actual search can proceed. For
"no-knock" warrants, the guidelines caution that more than the mere
fact that the evidence can be easily destroyed is required before
such a warrant can be issued. "These problems . . . are not,
standing alone, sufficient to justify dispensing with the knock-and-
announce rule."

Searching Computers

Generally, warrants are required for searches of computers unless
there is a recognized exception to the warrant requirement. The
guidelines recommend that law enforcement agents use utility programs
to conduct limited searches for specific information, both because
the law prefers warrants that are narrowly tailored and for reasons
of economy. "The power of the computer allows analysts to design a
limited search in other ways as well . . . by specific name, words,
places. . . ."

For computer systems used by more than one person, the guidelines
state that the consent of one user is enough to authorize a search of
the entire system, even if each user has a different directory.
However, if users have taken "special steps" to protect their
privacy, such as using passwords or encryption, a search warrant is
necessary. The guidelines suggest that users do not have an
expectation of privacy on large mainframe systems because users
should know that system operators have the technical ability to read
all files on such systems. They recommend that the most prudent
course is to obtain a warrant, but suggest that in the absence of a
warrant prosecutors should argue that "reasonable users will also
expect system administrators to be able to access all data on the
system." Employees may also have an expectation of privacy in their
computers that would prohibit employers from consenting to police
searches. Public employees are protected by the Fourth Amendment and
searches of their computers are prohibited except for "non-
investigatory, work related intrusions" and "investigatory searches
for evidence of suspected work-related employee misfeasance."

The guidelines discuss the Privacy Protection Act of 1980, which was
successfully used in the Steve Jackson Games case against federal
agents. They recommend that "before searching any BBS, agents must
carefully consider the restrictions of the PPA." Citing the Jackson
case, they leave open the question of whether BBS's by themselves are
subject to the PPA and state that "the scope of the PPA has been
greatly expanded as a practical consequence of the revolution in
information technology -- a result which was probably not envisioned
by the Act's drafters." Under several DOJ memos issued in 1993, all
applications for warrants under the Privacy Protection Act must be
approved by a Deputy Assistant Attorney General of the Criminal
Division or the supervising DOJ attorney.

For computers that contain private electronic mail protected by the
Electronic Communications Privacy Act of 1986, prosecutors are
advised to inform the judge that private email may be present and
avoid reading communications not covered in the warrant. Under the
ECPA, a warrant is required for email on a public system that is
stored for less than 180 days. If the mail is stored for more than
180 days, law enforcement agents can obtain it either by using a
subpoena (if they inform the target beforehand) or by using a warrant
without notice.

For computers that contain confidential information, the guidelines
recommend that forensic experts minimize their examination of
irrelevant files. It may also be possible to appoint a special
master to search systems containing privileged information.

One important section deals with issues relating to encryption and
the Fifth Amendment's protection against self-incrimination. The
guidelines caution that a grant of limited immunity may be necessary
before investigators can compel disclosure of an encryption key from
a suspect. This suggestion is significant given recent debates over
the Clipper Chip and the possibility of mandatory key escrow.

Computer Evidence

The draft guidelines also address issues relating to the use of
computerized information as evidence. The guidelines note that "this
area may become a new battleground for technical experts." They
recognize the unique problems of electronic evidence: "it can be
created, altered, stored, copied, and moved with unprecedented ease,
which creates both problems and opportunities for advocates." The
guidelines discuss scenarios where digital photographs can be easily
altered without a trace and the potential use of digital signatures
to create electronic seals. They also raise questions about the use
of computer generated evidence, such as the results of a search
failing to locate an electronic tax return in a computer system. An
evaluation of the technical processes used will be necessary:
"proponents must be prepared to show that the process is reliable."

Experts

The DOJ guidelines recommend that experts be used in all computer
seizures and searches -- "when in doubt, rely on experts." They
provide a list of experts from within government agencies, such as
the Electronic Crimes Special Agent program in the Secret Service
(with 12 agents at the time of the writing of the guidelines), the
Computer Analysis and Response Team of the FBI, and the seized
recovery specialists (SERC) in the IRS. The guidelines reveal that
"[m]any companies such as IBM and Data General employ some experts
solely to assist various law enforcement agencies on search
warrants." Other potential experts include local universities and
the victims of crimes themselves, although the guidelines caution
that there may be potential problems of bias when victims act as
experts.

Obtaining a Copy of the Guidelines

EPIC, with the cooperation of the Bureau of National Affairs, is
making the guidelines available electronically. The document is
available via FTP/Gopher/WAIS/listserv from the EPIC online archive
at cpsr.org /cpsr/privacy/epic/fed_computer_siezure_guidelines.txt. A
printed version appears in the Bureau of National Affairs
publication, Criminal Law Reporter, Vol. 56, No. 12 (December 21
1994).

About EPIC

The Electronic Privacy Information Center is a public interest
research center in Washington, DC. It was established in 1994 to
focus public attention on emerging privacy issues relating to the
National Information Infrastructure, such as the Clipper Chip, the
Digital Telephony proposal, medical record privacy, and the sale of
consumer data. EPIC is sponsored by the Fund for Constitutional
Government and Computer Professionals for Social Responsibility.
EPIC publishes the EPIC Alert and EPIC Reports, pursues Freedom of
Information Act litigation, and conducts policy research on emerging
privacy issues. For more information email [email protected], or write
EPIC, 666 Pennsylvania Ave., S.E., Suite 301, Washington, DC 20003.
+1 202 544 9240 (tel), +1 202 547 5482 (fax).

The Fund for Constitutional Government is a non-profit organization
established in 1974 to protect civil liberties and constitutional
rights. Computer Professionals for Social Responsibility is a
national membership organization of people concerned about the impact
of technology on society. For information contact: cpsr-
[email protected]

Tax-deductible contributions to support the work of EPIC should be
made payable to the Fund for Constitutional Government.
